Monthly Archive: March 2002

LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the logwatch temporary directory. Date published : 2002-03-30 http://www.securityfocus.com/bid/4374 http://marc.info/?l=bugtraq&m=101724766216872

Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the...

rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths. Date published : 2002-03-30 ftp://patches.sgi.com/support/free/security/advisories/20020306-01-P

AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, which are not properly sanitized before being passed to the MySQL database. Date published : 2002-03-15 http://www.securityfocus.com/bid/3741 http://www.securityfocus.com/archive/1/247126

Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to cause a denial of service by creating a very large array in a table, which causes miniSQL to crash when the table is...

get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows remote attackers to modify the database and possibly execute arbitrary commands via a SQL code injection attack. Date published : 2002-03-15 http://www.securityfocus.com/bid/3739 http://www.securityfocus.com/archive/1/246994

The web administration server for ELSA Lancom 1100 Office does not require authentication, which allows arbitrary remote attackers to gain administrative privileges by connecting to the server. Date published : 2002-03-15 http://www.securityfocus.com/bid/3746 http://www.securityfocus.com/archive/1/247274

Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain PHP source code via an HTTP request containing the target’s IP address and a valid account name for the domain. Date published : 2002-03-15...

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses a default SNMP community string of ‘public’ which allows remote attackers to gain sensitive information. Date published : 2002-03-15 http://www.securityfocus.com/bid/3736 http://www.securityfocus.com/archive/1/246849

D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges. Date published : 2002-03-15...

Microsoft Internet Explorer 6.0 and earlier allows malicious website operators to cause a denial of service (client crash) via JavaScript that continually refreshes the window via self.location. Date published : 2002-03-15 http://www.securityfocus.com/bid/3730 http://www.securityfocus.com/archive/1/246649

Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the...

Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences. Date published : 2002-03-15...

Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. Date published : 2002-03-15 http://www.securityfocus.com/bid/3726 http://www.securityfocus.com/archive/1/246663